►
From YouTube: Ambient Mesh WG Meeting 2022 11 16
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Do
all
right
so
what's
on
the
agenda.
A
So,
who
usually
run
this
meeting.
D
A
Should
be
yeah
and
Stephen
and
I
will
just
we're
just
looking
at
this
yesterday
and
by
the
way
is
those
of
you,
everybody
see
if
you
access
the
select
yeah.
D
Yes,
I
can
see
it
so
yeah.
So
one
question
I
have
I
guess
regarding
the
sport
is
I,
think
Greg.
He
was
trying
to
assign
him
something
because
he
was
interested
in
your
help
out
with
the
config
dump
endpoint
and
he
find
out
he
couldn't
it's.
The
intentional.
A
So
I
run
into
a
little
issue
here.
I
apparently
didn't
have
access
to
make
any
changes
here,
but
Greg
is
a
maintainer
right.
E
E
Says
everyone
in
the
organization
can
see
and
edit
this
project,
so
everyone
in
the
order
should
be
able
to
edit
it,
and
if
you
can't
sign
an
issue,
I
don't
know,
can
it
should
be
the
same
permissions
as
hgo
I
would
think.
Maybe
actually
you.
E
E
A
A
F
Sorry,
the
the
what
field.
F
A
Yeah,
so
the
size
is
just
another
label
sounds
like
you
should
be
able
to
do
that.
So
one
thing
in
terms
of
running
the
project.
One
thing
I'd
like
to
enforce
is
for
anything:
that's
in
the
up
next
column.
Let's
make
sure
that
before
we
we
turn
it
into
in
progress.
Let's
make
sure
that
everything
in
the
up
next
column
has
an
estimated
size.
So
that
way
we
can
project
when
the
the
items
could
be
done
and
also
establish
some
kind
of
execution
velocity
for
this.
B
A
Yeah
so
Josh
would
answer
your
question.
I'm
working
on
this
on
the
Google
end
we'll
get
to
sorted
out,
but
for
now
we
can
reuse
the
TLC
meeting
link.
G
G
B
A
H
C
List
before
I
left
Google
and
it
it
did
not
get
done.
C
I
have
a
question
I've
been
lurking
with
Nate
on
you
know,
ramping
up
on
Z
tunnel
and
one
of
the
things
that
we've
both
encountered,
we're
both
on
the
new
Macbook
m2s
and
we've
struggled
to
get
the
Z
tunnel
to
build.
It
appears
to
be
related
to
the
fact
that
we're
on
arm
processors
wanted
to
know
if
other
people
had
encountered
that
difficulty
and
knew
how
to
overcome
it,
or
if
this
you
know
world's
smallest
violin.
If
we're
the
only
ones
facing
this
problem,
then
we'll
figure
it
out
ourselves.
E
I
tried
a
bit
on
Cross
compiling,
so
I
don't
have
an
armed,
laptop
and
I
had
issues
at
the
very
least.
You'll
need
to
disable
the
fips
mode,
since
that
actually
doesn't
support
arm.
But
even
once
I
did
that
I
ran
to
some
issues,
I'm
guessing
there's
a
way
around
it.
I
just
didn't.
Do
it
yet?
Well,
I
guess
it
was
boring
SSL
that
was
issue,
but
they
they
do
build
an
arm
on
that
version
without
the
fips
mode.
So
there's
probably
just
some
wrangling
you
need
to
do.
I
did
notice.
E
There
was
some
commit
about
arm
in
boring
the
boring
Library
for
the
rust
bindings
in
a
newer
commit
than
what
we
have.
So
it's
possible
that
if
we
just
like
bumped
a
head
or
something
it'll,
work,
I,
don't
know.
If
you
send
me
a
empty
laptop,
maybe
I'll
help
out
yeah.
H
H
Yeah,
no
no
Chrome
Works
on
arms,
so
boring
that
it
works
on
arm,
but
I
think
there
are
other
reasons
why
we
might
want
an
open,
SSL
variant
anyway,
right.
H
So
either
of
those
are
viable,
I
had
the
same
problem
as
you.
Mitch
I
was
hacking
away.
Turning
off
fips
I'm
trying
to
update
the
build,
but
I
didn't
get
enough
time
on
my
weekend
to
finish
it
so
I,
don't
think
we
want
react
to
do.
Native,
rust,
TLS,
Customs,
open
SSL.
H
That
would
be
because
the
vendor
preference
for
it
if
they
wanted
to
use
openssl
based
fips
right,
open
SSL.
Being
this
massive
integration
point
for
a
bunch
of
people,
so.
H
I
So
a
question
for
this
is
this:
will
be
top
not
the
top
high
priority
item
I
mean
to
provide
the
open,
SSL
option.
H
E
Yeah,
it's
probably
not
a
ton
of
work,
it's
just
a
lot
of
copy
and
pasting,
probably
I
mean
Lincoln.
He
actually
does
it
with
boring,
ssla
and
rust
PLS,
which
are
very
different.
Libraries,
the
open
SSL
and
foreign.
H
E
H
J
D
D
You
had
a
question
in
the
chat
looking
for
the
project
page
for
ambient
I.
Don't
believe
we
have
a
dedicated
product
page.
So
what
we
have
is
as
part
of
the
istio
project.
There
is
a
label
for
mbms.
So
that's
how
you
can
see
different
issues
in
there
there's
also
a
dedicated
zetano
project,
which
Francis
was
presenting
the
board
positional
for
folks
who
are
interested
in
your
help
out
with
Nintendo.
D
Okay,
great
I
do
have
a
topic:
I
want
to
kind
of
discuss,
I
guess
the
strategy
for
HBO.
D
So
yesterday,
I
saw
in
a
comment,
so
remember
John,
you
had
a
therapy
PR
of
Cherokee
the
actual
implementation
for
psycha
in
istio
1.16
right,
so
that
PR
was
merged,
so
edgebone
is
landed
in
116
for
psycha.
But,
interestingly
I
think
quad
made
a
comment
that
I
just
happened
to
saw
yesterday
that
it
talks
about
hey
the
the
code.
Change
for
Xbox
in
1.16
is
being
overrated
or
rewrite,
and
it's
derived
from
master,
so
I
assume
in
what
release
116.
E
D
D
Okay,
so
that's
all
internal
okay,
so
probably
less
important
for
users
at
the
moment
and
then
for
Edge
form
for
ambient
I
think
zetano.
We
would
have
to
implement
code
for
H4,
which
you
already
have
some
of
the
code
for
Waypoint
proxy
I
know
Louie.
You
talk
about
the
sandwich
approach.
D
H
D
I
guess
my
point
is
we
need
to
do
the
work
for
the
site
car
anyway,
so
you,
you
will
have
the
code
for
Envoy
with
actual
and
maintain
that
code
for
sidecar
for
a
long
time
too,
right.
H
D
And
that's,
do
you
say
you
can
move
to
http
3
with
psycha,
which
seems
not
reasonable,
so.
H
J
Actually
is
that
something
I
want
to
also
bring
up
I
mean,
maybe
we
should
start
building.
You
know
sidecars
with
zip
tunnels
LinkedIn
and
start
with
an
experiment
that
we
could
say
sandwiching,
because
it
will.
There
is
a
lot
of
complexity
in
a
voic,
I,
agree
kind
of
with
what
that
the
current
generated
code
in
in
a
way
to
support
each
tunnel
is
a
bit
complicated.
B
I
J
Panel
will
the
history
agent
will
exec
tunnel
as
well
and
yeah.
J
It's
not
very
hard
to
add
kind
of
legacies
where
we
just
you
know,
extend
a
bit
the
pass
through
mode
that
we
have
for
external
destination
rtls
and
and
eliminates
the
complexity,
because
there
is
a
lot
of
risk
and
and
it
will
accelerate
things
if
we
just
don't
bother
it.
D
That's
an
interesting
proposal
too.
I
think
the
other
thing
Louie
would
be
interesting
is
instead
of
using
zidano
as
a
psycha,
giving
when
Waypoint
proxy
or
sidecar
runs
this
probably
already
a
co-located
zetano.
Can
we
reuse
that
zetano
with
you
know,
do
it?
It
was
a
sidecar
I
think
that
would
be
also
interesting
to
explore.
H
H
H
H
J
For
you
know
the
other
alternative
for
VMS
and
other
similar
environment.
So
everywhere
you
don't
have
the
pet
load.
But
yes,
it's
a
penalty
exist.
Then
it
would
like
the
idea
to
use
it
all
right.
H
H
Is
it
a
better
choice
to
just
tell
users
to
install
right
the
demon
right
and
then
somehow
turn
off
MTS
and
it's
like
or
like?
How
would
that
work.
J
Yeah,
for
example,
we
have
I
mean
the
promise
delegation.
Again,
it's
not
difficult
to
have
and
void
not
to
do
PLS,
and
it's
not
difficult
for
digital
Network
to
employ
after
decryption,
but
we
we
are
back
to
the
problem
of
how
do
we
pass
metadata
and
HTTP
I.
H
J
H
Yeah
we're
not
going
to
use
that
proxy
I,
don't
think
that
makes
a
lot
of
sense,
but
you
like
we
can
discuss
other
options
but
from
a
pattern.
Standpoint
right
that
probably
seen
as
like
the
easiest
upgrade
path
for
users
right,
because
when
that's
ready
right,
they
just
get
a
rolling
update
of
the
sidecar,
which
now
has
two
processes,
two
sidecars
in
it
and
then
eventually
one
of
them
just
turns
off.
H
B
H
H
May
not
roll
out
the
demon
set
at
that
point
right.
You
just
may
go
through
the
standard.
Istio
upgrade
mechanisms
right,
not
change
any
of
your
behavioral
processing
right.
You
haven't
really
made
a
decision
to
adopt
ambient.
You
are
right,
you're,
getting
a
transparent
upgrade
to
each
one.
At
that
point,.
B
B
Right
and
that
way,
you
don't
have
this
situation,
where
you're
having
to
instruct
users
how
to
handle
their
three
sidecars
I.
Think
there's.
Definitely
like
you
know
you
can
do
it
either
way,
but
if
they
have
to
install
the
Davidson
anyway,
I
think
it
offers
a
cleaner
path.
Assuming
we
can
fix
the
you
know,
like
figuring
out
what
traffic
we
need
to
capture
where
and
all
those
other
problems.
H
D
Yeah
and
I
was
thinking
on
different
ones
to
enter
your
question.
You
know
how
in
116
the
community
added
as
part
of
Discovery
selector
configuration,
you
can
config
what
namespaces
istio
control
plane
is
processing
the
istiocid
and
also
create
like
the
SEO
root,
CA
config
map.
So
if
we
ever
expose
a
configuration
to
say,
hey
I
only
want
zetano,
maybe
installed
on
the
Node
that
has
this
particular
label
and
nothing
else.
D
So
you
could
potentially
have
a
scenario
that
some
of
your
parts
are
just
running
on
the
nodes
without
zetano
for
a
while,
and
some
of
your
pods
are
in
the
ambient.
J
I
mean
I,
think
I
think
this
is
a
nightmare.
It
will
be
a
nightmare
because
you
know
the
it's
very
difficult
to
control.
What
node
you're
attached,
how
you
you
get
it
the
whole
thing
where
you
have
you
know
multiple
version
of
Z
panel.
It's
it's
not
going
to
fly
very
well
with
the
with
the
current
model
within
one
set.
H
That
means
that
when
we
talk
to
an
endpoint,
we
need
to
know
what
protocol
to
talk
to
it
with
right,
and
today
we
cannot
like
cutting
over
from
the
alpn
driven
TLS
protocol
selection
for
the
tunnel
to
the
h-bone.
One
requires
endpoint
awareness
right
about,
what's
available
at
the
endpoint
to
do
that.
J
D
Was
talking
about
the
names
discover
selectable
namespaces?
It
could
be
yeah,
actually
I'm,
not
too
familiar,
but
I
thought
it
was
a
pretty
cool
thing.
They
added
I
think
zonfu
added
that
it
could
well
be
used
for
soft
multi-tenancy,
like
you
said,
because
I
can't
see.
Why
would
people
not
want
istio
resources
to
be
processed
in
the
namespace?
If
you
know
if
they
put
an
Israel
resource
in
there.
J
F
J
D
Yes,
it
is
through
two
different
things,
so
Louis
I
think
your
point
is
there's
a
challenging
of
shifting
from
the
sidecar
World,
which
doesn't
understand
Edge
phone
to
a
word
that
the
traffic
needs
to
account
only
process,
Edge
phone.
So
you
we
need
to
kind
of
how
do
we
enable
that
switch
to
be
seamlessly
right
from
where
users
are
running
cycle
today
and
then
from
upgrade
to
a
newer
version
of
istio?
D
H
I
H
D
C
D
H
It's
not
a
complicated
protocol
to
implement.
We
already
have
to
do
capability
distribution
to
Z
tunnel,
and
it
would
make
the
composition
clearer
right.
H
So
yeah-
and
this
is
a
complexity,
trade-off
right.
Is
it
easier
to
do
it
by
putting
the
old
protocol
into
the
z-tunnel
temporarily
right,
enabled
by
a
flag
and
then
just
stripping
all
of
the
tunneling
stuff
out
of
Envoy?
I
Hi
I
have
the
other
question
for
for
ambient,
so
the
question
is
currently
ambient
can
only
run
on
some
specific
environment
for
a
lot
of
our
CI.
We
can.
We
cannot
support
I
actually
opened
a
usual
long
time
ago,
and
there
are
some
response
that
there
are
big
refactor
on
this
part
so
want
to
know
what's
the
future
direction.
For
this
part.
I
You
know
today
yeah-
maybe
let
me
repeat
so.
My
question
is
currently:
if
you
want
to
run
ambient,
it
requires
some
specific
saying
eyes,
for
example
in
Calico
it
doesn't
work.
So
what's
the
plan
to
fix
this
kind
of
problem,
because
you
know
this
I
think
is
a
very
basic
problem.
We
need
to
make
sure
ambient
can
work
seamlessly
in
most
of
the
Clusters,
no
matter,
no
matter
what
scene
I
plug
in
the
cluster
is
using,
but
currently
we
can't.
J
J
J
I
It's
not
related
with
kernel,
I
think
but
related
with,
especially
the
redirection
rules
yeah.
How.
J
They
interact
with
how
the
cni
is
implemented.
Yes,
yes,
I
I,
I,
I,
I,
I
I've
seen
this
and
it's
it's
a
valid
concern
but
I
think.
Well,
let's
say
we
can
fix
the
CNL,
convince
them
to
use
a
different
cni
provider.
The
only
option,
but
that
is
viable-
is
to
use
Sidecar,
which
will
lead
anyway
for
VM
support
and
other
things.
So
it's
worth
investing
in.
B
L
I
L
Think
there
is
there's
efforts
underway
to
make
this
work
on
other
platforms,
but
it's
an
open
source
project.
So
you
know
we.
There
are
a
couple
platforms
that
we're
targeting
I'm
sure
there
are
other
people
that
are
targeting
other
ones,
but
you
know
if
there's
a
platform
that
you
specifically
are
interested.
You
know
you
can
always
you
know,
do
the
work
to
do
that.
I
mean
and
I
think
there
will
be
more
platforms
that
are
supported
that
to
do
that
in
their
level.
L
H
It's
a
backlog
problem
I
saw
in
the
chat
somebody
from
Azure,
I,
think
kind
of
working
with
AKs
yeah.
E
H
Provider
that
was
with,
but
you
know
and
I,
don't
know
what
hacking
they
had
to
do
to
do
it,
but
it
clearly
shows
that
this
can
be
done,
but
you
know
there's
as
Justin
said,
this
is
an
open
source
project.
If,
if
you
need
one
to
meet,
if
you
need
to
get
one
working
and
nobody
else
has
made
it
work
yet
then
hack
away,
please.
D
K
Yeah
so
one
more
question
so
is
a
serverless
also
in
scope
of
of
what
we
are
doing
with
ambient.
H
H
So
certainly
as
custom
mentioned
right,
we
still
need
to
make
the
Z
tunnel
capable
of
running
as
a
sidecar.
So
if
you
can
run
a
sidecar
in
ECS
or
4K,
which
I
don't
claim
to
be
an
expert
in
and
you
can
find
a
way
to
push
the
traffic
through
it,
then
the
system
will
work.
H
H
But
it's
not
high
on
my
list
as
a
Google
person
to
make
it
work
on
fargate,
though
I
suspect
somebody
could
go,
make
it
work
on
Far
gate
and
and
we
would
help
them.
If
somebody
had
the
motivation
to
go
and
do
that.
B
G
B
J
There's
an
entirely
true:
okay:
we
we
have
additional
sources
of
configuration.
There
is
support
for
well,
it's
not
very
well
supported,
but
we
always
have
support
to
running.
You
know,
console
other
XDS,
Federation
and
all
the
other
stuff
that
is
mesh
config
Advanced
configurations
from
Galley
time.
K
Okay,
yeah
I
am
not
very
aware
of
that,
but
yeah
thanks
to
good,
to
know
that
thanks
and
yeah
I
mean
if
we
can
keep
the
serverless
also
in
scope.
It
will
be
really
great
because
there
are.
There
are
users
wanting
to
go
on
on
each
platform
and
still
want
to
have
the
mesh
to
to
help
with
connectivity.
K
K
It's
just
what,
when,
because
it's
a
new
project
I
mean
there
are
good
I
mean
it's
good
to
basically
also
include
serverless,
also
in
the
school,
because
a
lot
of
application
would
actually
I
see
most
of
them
moving
to
serverless,
so
that.
B
K
Yeah
I
mean
I'm
just
trying
to
get
involved,
I
mean
I'll
be
really
happy
to.
Basically
it's.
E
H
J
H
Yeah
so
I
guess
the
metal
Point
here
is
Carlson
has
made
it
work
on
cloud
run
pretty
well.
He
has
not
and
is
unlikely
to
try
and
make
it
work
on
PCS
being
that
he
was
from
Google.
But
if
somebody
wants,
you
know
to
give
that
a
go
I'm
sure
he
had
to
answer
questions
for
them
on
the
chat.
D
D
J
It's
internal
excitation:
it
should
work
with
Community
person
I,
don't
see
any
reason
why
you
have
to
work
with,
but
with
Kennedy.
You
can
work
with
a
certain
note,
because
you
don't
have
to
go
through
this
kind
of
extra
complexities.
Okay,
okay
is
interesting
because
in
kineties
they
have
the
activated.
Probably
we
should
have
a
discussion
about
this
because
they
have
the
activator,
which
is
not
very
compatible
with
age
ball.
So
if
they
would
make
some
changes
to
their
activator
to
support
H1,
it
will
be
a
much
better
experience
for
it.
Yeah.
H
The
k-native
guys
are
actually
pretty
interested
in
having
waypoints
it's
a
much
better
model
for
them,
but
we
haven't
done
any
testing
with
that
foreign.
Yes,
if
anybody
asks
have
we
tested
X
other
than
gke.
The
answer
is
probably
no
right.
Now:
okay,.
D
H
H
D
J
H
A
Ethan
I
believe
is
taking
the
day
off
today
only
because
he
worked
over
the
weekend
all
right,
that's
that
is
completely
fair.
H
A
H
A
We
can
just
add
these
cni
supports
to
the
backlog
after
we
fix
the
the
commission
system
was
a
project,
and
then
we
can
prioritize
them
in
the
board
itself.
H
A
Also
I
want
to
I
I
want
to
clarify
that
this
project
here
this
project
were
specific
to
Z
tunnel
and
I'll,
be
working
with
John
to
track
one
for
ambient
sidecar
as
well.
These
two
should
not
be
confused
as
one
single
project.
A
A
Board
for
just
ambient
Waypoint,
yet
we'll
have
one.
E
I
I
kind
of
like
it
I
think
it
really
depends
on
getting
the
metadata
passing
and
what
that
looks
like
if
that
is
really
good
and
works
well,
and
it's
efficient
and
all
that
it's
probably
more
viable.
If
it's
not,
then
I
may
be
a
huge
overhead
and
source
of
complexity,
because
we'll
not
just
need
to
pass
the
identity
as
well
for
sandwich
probably
also
need
to
pass
like
this
Source
IP,
import
and
other
things
as
well.
E
G
J
J
Like
a
lot
of
people
study
the
AJ
process
protocol,
the
the
using
because
it's
already
supported
and,
for
example,
a
short
term,
at
least
until
we
have
some
replacement
Maybe.
H
H
H
J
And
I
think
it's
it's
important
to
keep
them
aligned,
but
if
other
people
have
more
time
or
interest
happy
to
collaborate.
B
J
B
E
I
think
it
matters
quite
a
bit
because
while
we
may
use
it
for
a
short
even
for
Envoy,
it
may
not
be
short
term
right
on
the
Waypoint,
but
this
I'd
imagine
we'd
use
the
same
functionality
for
applications
wanting
to
know
the
identity
that
was
used
as
well.
K
F
H
H
As
far
as
I'm
right,
the
the
psyllium
folks
implemented
that
using
an
ebppi
ebpf
map
right
and
there's
code
showing
that
this
so
there's
basically
put
it
in
the
protocol
right
like
AJ
proxy.
It's
a
proxy
protocol,
put
it
in
an
evpf
map
or
a
socket
option,
or
put
it
in
an
endpoint
that
you
call
that
exists
on
the
interface
to
look
up.
The
peer
method.
H
And
Customs
probably
write
that
proxy
protocol
is
the
easiest
of
them.
If
we're
going
to
do
inbound
existing
onward
support,
you
could
argue
that
the
ebpf
thing
is
also
in
band
sort
of
a
look-asite.
Api
is
not.
J
H
J
Actually,
that's
a
very
good
point:
John
you're
you're
doing
Pro
MDS.
Maybe
that
would
also
act
as
an
external
Z
from.
H
I
think
we
are
just
about
out
of
time
too,
but
we
obviously
need
a
dog
for
this
right,
because,
but
certainly
called
things
is
a
common
use
pattern
for
doing
augmentation
right,
which
is
what
looking
at
metadata
is,
so
we
might
be
able
to
repurpose
it
right.
A
And
just
to
be
explicit
here
so
constantly
you're
gonna
write
a
dog
is:
will
this
be
a
design
dog
or
it's
just
about
scoping
Docker
I.
J
Like
design
dock,
but
with
the
options
of
the
exist
and
maybe
some
code
for.
A
It's
on
the
topic
of.
J
J
A
I
need
to
run
to
another
meeting.
Can
you
do
me
a
favor
and
just
fill
out
this
last
part
here.
E
Yep
got
some
quiet
set
up
here
today.
That
was
something
about
using
filter
State
instead
of
the
cert
for
our
back
I
think
it's
certain
is
populated
from
Filter
state.
For
sorry,
the
filter
state
is
populated
from
the
search
today,
but
that's
probably
a
good
building
block
for
what
you're
looking
yeah
yeah.